Ch-ch-ch-changes

Well 1st I hope you all like the new look to the blog, it was forced upon me by the fact that I wanted a proper banner type logo and as I’m not particularly gifted in the artistic department the image above is as good as it’ll get.

On top of that, Blizzard have kindly made some changes to the authenticator system, as described in the US forums in a post from Zarhym that reads:

If you use an authenticator – and we hope you do – you may soon notice that an authenticator prompt may not appear with every login. We’ve recently updated our authentication system to intelligently track your login locations, and if you’re logging in consistently from the same place, you may not be asked for an authenticator code. This change is being made to make the authenticator process less intrusive when we’re sure the person logging in to your account is you.

We hope to continue improving the authenticator system to ensure the same or greater security, while improving and adding features to make having one a more user friendly experience. If you don’t already have a Battle.net Authenticator attached to your account, don’t wait until it’s too late –http://us.battle.net/en/security/checklist

Do you think this is a good thing? I’m torn and would really like to know more. I ALWAYS log in form home, never at work, at a friends or on a public computer and I don’t find having to use the authenticator intrusive, sure it is annoying in the middle of a raid when you get DC’d that I have to hunt for my iPhone to use the authenticator but its always on my desk anyway and if there is a short cooldown on the need to re-authenticate (say 30 minutes to 1 hour) thats cool and will save a few precious minutes. But any more than that and I become more nervous about the security and already I actually feel less secure than I have done since getting the authenticator way back when.

Maybe I’m being paranoid. Do you have concerns over this? If so, please leave a comment so I can judge your views.

Post navigation

This article has 2 Comments

I'm sure for >99.9% of people there isn't any change in security in practice. Sure, IP spoofing is possible, but it's a lot more effort and I suspect hackers would still prefer to just attack those without authenticators or stick to the old social-engineering methods they've always used, which aren't affected by this change at all.

But then there's my irrational (human) side: using the Authenticator makes me feel secure, because it's explicit that every time I want to log in I have to go get my phone and type in the numbers. That's the only way and I'm in total control of that physical token.

And what of people who share an IP address. Lodur's testing on WoMatticus suggested there's a cookie thing so that ties it to your machine, but one could share a computer with other people.

Really I'd prefer the option, like you get with passwords, to "remember me" or not.

Indeed making it optional to not have to authenticate each time would be an improvement and certainly put control back with the more paranoid users (yes thats me).

However, Blizzard seem to have very definite ideas on certain things and this feels like one of the ones (like not implementing an invisible mode for RealID) that they're not considering other traditional options.

All told I'm sure the careful people will continue to be as safe as they ever were. Keyloggers are the most prevalent way of attacking anything and avoiding them is truly the key.